SUSE-SU-2023:3035-1

Опубликовано: 31 июл. 2023

Источник: suse-cvrf

Описание

Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2)

This update for the Linux Kernel 5.3.18-150200_24_134 fixes several issues.

The following security issues were fixed:

CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212509).
CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212347).
CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210566).

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

kernel-livepatch-5_3_18-150200_24_134-default-10-150200.2.2

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233035-1/
Link for SUSE-SU-2023:3035-1
https://lists.suse.com/pipermail/sle-security-updates/2023-July/015701.html
E-Mail link for SUSE-SU-2023:3035-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210566
SUSE Bug 1210566
https://bugzilla.suse.com/1212347
SUSE Bug 1212347
https://bugzilla.suse.com/1212509
SUSE Bug 1212509
https://www.suse.com/security/cve/CVE-2023-2002/
SUSE CVE CVE-2023-2002 page
https://www.suse.com/security/cve/CVE-2023-3159/
SUSE CVE CVE-2023-3159 page
https://www.suse.com/security/cve/CVE-2023-35788/
SUSE CVE CVE-2023-35788 page

Описание

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_134-default-10-150200.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-2002.html
CVE-2023-2002
https://bugzilla.suse.com/1210533
SUSE Bug 1210533
https://bugzilla.suse.com/1210566
SUSE Bug 1210566

Описание

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_134-default-10-150200.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-3159.html
CVE-2023-3159
https://bugzilla.suse.com/1212128
SUSE Bug 1212128
https://bugzilla.suse.com/1212347
SUSE Bug 1212347
https://bugzilla.suse.com/1213842
SUSE Bug 1213842
https://bugzilla.suse.com/1214128
SUSE Bug 1214128
https://bugzilla.suse.com/1215674
SUSE Bug 1215674

Описание

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

Затронутые продукты

SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_134-default-10-150200.2.2

Ссылки

https://www.suse.com/security/cve/CVE-2023-35788.html
CVE-2023-35788
https://bugzilla.suse.com/1212504
SUSE Bug 1212504
https://bugzilla.suse.com/1212509
SUSE Bug 1212509

SUSE-SU-2023:3035-1

Описание

Список пакетов

SUSE Linux Enterprise Live Patching 15 SP2

Ссылки

Уязвимость: CVE-2023-2002

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-3159

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-35788

Описание

Затронутые продукты

Ссылки